AAA & Network Security for Mobile Access. Wiley

Radius, Diameter, EAP, PKI, & IP Mobility

Madjid Nakhjiri Mahsa Nakhjiri

Motorola Labs, USA & Motorola Personal Devices, USA

e-books shop
AAA & Network Security for Mobile Access
Radius, Diameter, EAP, PKI, & IP Mobility

The market for mobile computers and commmunication devices continues to grow, which
means that every year there are more and more of them. This is creating numerous opportunities for network providers and operators of all sorts, because many of these devices derive their usefulness from their ability to get access to the Internet. Recently, within the IETF, there has been a surge of interest in creating new protocols and protocol interfaces to better enable operators to take advantage of these opportunities. These new protocols, taken as a whole, bring about a new kind of operator operation known as “AAA services”, thus the title of the book. Madjid, one of the two authors of this book, is known to me as a regular in several IETF
working groups, and his work is well represented within this book.
There is no doubt that AAA services are already of tremendous importance in today’s
Internet, given that much of the access control is mediated already by RADIUS servers and
associated protocols. Even so, I think that the true value of AAA services is still in the
process of emerging, as we transition from laptop computing to wireless mobile communications
in the future. As we begin to store more of our credentials on our wireless gadgets, and as the needs for user authentication continue to expand, it seems very natural that today’s AAA
practice will adapt to the needs of the new wireless technologies. These needs include higher
performance, improved roaming facilities, and interface to a multiplicity of security technologies.
Already, my experience is that I have to carry around a bag of strange connectors, security
cards, credit cards, and telephone numbers in order to be mobile. It seems that when
traveling, leaving any of these behind is much worse than forgetting to pack a toothbrush,
soap, or even shirts or socks. After all, I can usually find a place to buy those latter items.
Within the book, we can see the first glimmerings of how this new wireless mobile world
will look to the user desiring to make use of local Internet connectivity. Several recent specifications have been finally approved and are dutifully described in this book. In particular, the ideas of seamless mobility and context transfer provide great hope for the desired user productivity and the experience of well-engineered convenience. Clearly, there is a big gap separating the barebones specification and widespread deployment. It is to fill just these gaps that books such as this one are needed. But filling known gaps is only the beginning. Once the basic hurdles are cleared, I am confident that many new applications will soon be imagined and built to use the simplified access models provided by the new AAA services.
Charlie Perkins

About the Author
Madjid Nakhjiri is currently a researcher and network architect with Motorola Labs. He has been involved in the wireless communications industry since 1994. Over the years, Madjid has participated in the development of many cellular and public safety mission-critical projects, ranging from cellular location detection receiver design and voice modeling simulations to the design of architecture and protocols for QoS-based admission, call control, mobile VPN access and AAA procedures for emergency response networks. Madjid has been active in the standardization of mobility and security procedures in IETF, 3G and IEEE since 2000 and is a coauthor of a few IETF RFCs. Madjid has also authored many IEEE papers, chaired several IEEE conference sessions and has many patent applications in process.

Mahsa Nakhjiri is currently a systems engineer with Motorola Personal Devices and is involved in future cellular technology planning. Mahsa holds degrees in Mathematics and Electrical Engineering and has specialized in mathematical signal processing for antenna arrays. She has been involved in research on cellular capacity planning and modeling, design and simulation of radio and link layer protocols and their interaction with transport protocols in wireless environments. Mahsa has also worked with cellular operators on mobility and AAA issues from an operator perspective.

In today’s world, where computer viruses and security threats are common themes in
anything from Hollywood movies and TV advertisements to political discussions, it seems
unthinkable to ignore security considerations in the design and implementation of any
network. However, it is only in the past 4–5 years that talkative security experts have been
invited to the design table from the start. The common thinking only 5 years ago was either:
this is somebody else’s problem or let us design the major functionalities first, then bring in a
cryptographer to secure it! This treatment of security as an add-on feature typically led either
to design delays, overheads and extra costs when the “feature” had to be included, or to
ignored security provisioning when the “feature” was not a must. The problem, of course,
stemmed from the fact that security “features” have rarely been revenue-makers. As we all
know, many political, social and economic events in the last half decade have forced the
designers, regulators and businessmen to adjust their attitudes towards security considerations.
People realized that although security measures are not revenue-makers, their lack is
indeed a deal breaker, to say the least, or has catastrophic aftermaths, at worst.

The Internet Engineering Task Force (IETF) has also played an important role in establishing
the aforementioned trend by making a few bold moves. The rejection of some very
high profile specifications due to the lack of proper security considerations was a message to
the industry that security is not to be taken lightly. This was done in a era where the
Internet and its applications seemed to have no boundaries and security provisioning seemed
to be only a barrier rather than an enabler.
As a result of this trend, the field of network security gained a lot of attention. A profession
that seemed to belong only to a few mathematically blessed brains opened up to a community
of practitioners dealing with a variety of networking and computing applications. Many standards, such as 802.1X, IPsec and TLS, were developed to apply cryptographic concepts and
algorithms to networking problems. Many books were written on the topics of security and
cryptography, bringing the dark and difficult secrets of fields such as public key cryptography
to a public that typically was far less mathematically savvy than the original inventors.

Many protocols and procedures were designed to realize infrastructures such as PKIs to bring
these difficult concepts to life. Still, cryptographic algorithms or security protocols such as
IPsec are not enough alone to operate a network that needs to generate services and revenues
or to protect its constituency. Access to the network needs to be controlled. Users and devices
need to be authorized for a variety of services and functions and often must pay for their
usage. This is where the AAA protocols came in. In its simpler form a AAA protocol such as
a base RADIUS protocol only provides authentication-based access control. A few service
types are also included in the authorization signaling. RADIUS was later augmented with
accounting procedures. Diameter as a newer protocol was only standardized less than 2 years ago.
Both RADIUS and Diameter are still evolving at the time of writing. This evolution is to
enable AAA mechanisms and protocols to provide powerful functions to manage many
complicated tasks ranging from what is described above to managing resources and mobility
functions based on a variety of policies. In the near future the networks need to allow the
user through a variety of interfaces, devices and technologies to gain access to the network.
The user will require to be mobile and yet connected. The provision of the connection may
at times have to be aided by third parties. The interaction between AAA and security procedures
with entities providing mobility and roaming capabilities is a very complicated one and
is still not completely understood. Despite this complexity, there seem to be very few books
on the market that discuss more than a single topic (either security, or mobility or wireless
technology). The topic of AAA is largely untouched. Very little text in the way of published
literature is available on AAA protocols, let alone describing the interaction of these
protocols with security, mobility and key management protocols.

The idea for writing this book started from an innocent joke by the IETF operation and
management area director during an IETF lunch break a few years ago. When we asked
about the relations between the use of EAP for authentication and Mobile IP-AAA signaling,
the answer was “Maybe you should write a book about the subject”. Even though this was
considered a joke at a time, as we started to work on deploying AAA infrastructure for
Mobile IP and EAP support, the need for easy-to-understand overview material was felt so
strongly that the joke now sounded like black humor. We had to write a book on AAA as a
community service!

The book is geared towards people who have a basic understanding of Internet Protocol
(IP) and TCP/IP stack layering concepts. Except for the above, most of the other IP-related
concepts are explained in the text. Thus, the book is suitable for managers, engineers,
researchers and students who are interested in the topic of network security and AAA but do
not possess in-depth IP routing and security knowledge. We aimed at providing an overview
of IP mobility (Mobile IP) and security (IPsec) to help the reader who is not familiar with
these concepts so that the rest of the material in the book can be understood. However, the
reader may feel that the material quickly jumps from a simple overview of Mobile IP or IPsec
to sophisticated topics such as bootstrapping for IP mobility or key exchange for IP security.
Our reasoning here was that we felt that there are a number of excellently written books on
the topics of Mobile IP and IPsec, to which the reader may refer, so it would not be fair to fill
this book with redundant information. Instead, the book provides just enough material on
those topics to quickly guide the reader into the topics that are more relevant to the rest of the
material in this book. The book may also serve as a reference or introduction depending on the
reader’s need and background, but it is not intended as a complete implementation reference
book. The tables listing the protocol attributes are intentionally not exhaustive to avoid
distractions. Most of the time, only subsets that pertain to the discussions within the related
text are provided to enable the reader to understand the principles behind the design of these
attributes. At the same time, references to full standards specifications are provided for
readers interested in implementation of the complete feature sets.

Chapter 1 of this book provides an overview of what AAA is and stands for. It provides
thorough descriptions of both authorization and accounting mechanisms. Unfortunately the
field and standardization on authorization mechanisms is in the infancy stage at this point and
accounting, compared to authentication, has received far less attention in the research and
standards community due to its operator-specific nature. Due to the enormous amount of
research done on authentication, we devote Chapter 2 entirely to authentication concepts and
mechanisms and also provide a rather unique classification (from IAB) of authentication
mechanisms in that chapter. We will come back to the topic of authentication and describe
more sophisticated EAP-based authentications in Chapter 10, but after Chapter 2, we go
through the concepts of key management in Chapter 3 to lay the groundwork for most of the
security and key management discussions in Chapter 4 and the rest of the book. Chapter 4
discusses IPsec and TLS briefly, but provides a thorough discussion on IKE as an important
example of a key management and security association negotiation protocol. As mentioned
earlier, the aim of that chapter is not to describe IPsec or TLS thoroughly. Both these protocols
are provided for completeness and to provide the background for the later discussion of
security topics. Chapter 5 discusses mobility protocols for IP networks. It describes basic
Mobile IP procedures and quickly goes through the latest complementary work in IETF, such
as bootstrapping. This chapter also describes two IETF seamless mobility protocols, context
transfer and candidate access router discovery, which may be required to achieve seamless
handovers. This chapter also describes the security procedures for Mobile IPv4 and lays the
groundwork for Mobile IP-AAA discussions in Chapter 8. Chapters 6 and 7 describe the two
most important AAA protocols, namely RADIUS and Diameter and their applications for
authentication and accounting. Many of the specifications that are considered work in
progress in IETF are covered here.

Chapter 8 finally covers the topic discussed in the IETF joke we mentioned earlier: Mobile
IP-AAA signaling to provide authentication and key management for Mobile IP signaling.

Chapter 9 goes on to provide a description of public key infrastructures (PKI) and the
issues and concerns with management of PKIs, certificates and their revocation.

Chapter 10 describes the EAP authentication framework, EAP signaling transport and the
structure for a generic EAP-XXX mechanism. It also provides overviews of a variety of EAP
authentication methods, such as EAP-TLS, EAP-TTLS, EAP-SIM, and so on.

Finally, Chapter 11 makes a humble attempt at describing the overall problem of AAA and
identity management in a multi-operator environment and discusses various architectural
models to tackle the problem. This chapter also provides an overview of the Liberty Alliance.
We wish the readers a joyful read.

Table of Contents
Foreword xv
Preface xvii
About the Author xxi
Chapter 1 The 3 “A”s: Authentication, Authorization, Accounting 1
1.1 Authentication Concepts 1
1.1.1 Client Authentication 2
1.1.2 Message Authentication 4
1.1.3 Mutual Authentication 5
1.1.4 Models for Authentication Messaging 6 Two-Party Authentication Model 6 Three-Party Authentication Model 6
1.1.5 AAA Protocols for Authentication Messaging 7 User–AAA Server 7 NAS–AAA Server Communications 7 Supplicant (User)–NAS Communications 8
1.2 Authorization 8
1.2.1 How is it Different from Authentication? 8
1.2.2 Administration Domain and Relationships with the User 9
1.2.3 Standardization of Authorization Procedures 10 Authorization Messaging 12 Policy Framework and Authorization 12
1.3 Accounting 13
1.3.1 Accounting Management Architecture 13 Accounting Across Administrative Domains 14
1.3.2 Models for Collection of Accounting Data 15 Polling Models for Accounting 15 Event-Driven Models for Accounting 15
1.3.3 Accounting Security 17
1.3.4 Accounting Reliability 17 Interim Accounting 18 Transport Protocols 18 Fail-Over Mechanisms 18
1.3.5 Prepaid Service: Authorization and Accounting in Harmony 19
1.4 Generic AAA Architecture 19
1.4.1 Requirements on AAA Protocols Running on NAS 21
1.5 Conclusions and Further Resources 23
1.6 References 23
Chapter 2 Authentication 25
2.1 Examples of Authentication Mechanisms 25
2.1.1 User Authentication Mechanisms 26 Basic PPP User Authentication Mechanisms 27 Shortcoming of PPP Authentication Methods 29 Extensible Authentication Protocol (EAP) as Extension to PPP 30 SIM-Based Authentication 30
2.1.2 Example of Device Authentication Mechanisms 31 Public Key Certificate-Based Authentication 32 Basics of Certificate-Based Authentication 32
2.1.3 Examples of Message Authentication Mechanisms 33 HMAC-MD5 34
2.2 Classes of Authentication Mechanisms 36
2.2.1 Generic Authentication Mechanisms 41 Extensible Authentication Protocol (EAP) 41 EAP Messaging 42
2.3 Further Resources 44
2.4 References 45
Chapter 3 Key Management Methods 47
3.1 Key Management Taxonomy 47
3.1.1 Key Management Terminology 47
3.1.2 Types of Cryptographic Algorithms 49
3.1.3 Key Management Functions 50
3.1.4 Key Establishment Methods 51 Key Transport 51 Key Agreement 52 Manual Key Establishment 53
3.2 Management of Symmetric Keys 54
3.2.1 EAP Key Management Methods 54
3.2.2 Diffie–Hellman Key Agreement for Symmetric Key Generation 58 Problems with Diffie–Hellman 60
3.2.3 Internet Key Exchange for Symmetric Key Agreement 61
3.2.4 Kerberos and Single Sign On 62 Kerberos Issues 65
3.2.5 Kerberized Internet Negotiation of Keys (KINK) 66
3.3 Management of Public Keys and PKIs 67
3.4 Further Resources 68
3.5 References 69
Chapter 4 Internet Security and Key Exchange Basics 71
4.1 Introduction: Issues with Link Layer-Only Security 71
4.2 Internet Protocol Security 73
4.2.1 Authentication Header 74
4.2.2 Encapsulating Security Payload 74
4.2.3 IPsec Modes 75 Transport Mode 76 Tunnel Mode 76
4.2.4 Security Associations and Policies 77
4.2.5 IPsec Databases 78
4.2.6 IPsec Processing 78 Outbound Processing 78 Inbound Processing 79
4.3 Internet Key Exchange for IPsec 79
4.3.1 IKE Specifications 79
4.3.2 IKE Conversations 81 IKE Phase 1 81 IKE Phase 2 82 Round Trip Optimizations 82
4.3.3 ISAKMP: The Backstage Protocol for IKE 83 ISAKMP Message Format 83 ISAKMP Payloads in IKE Conversations 86
4.3.4 The Gory Details of IKE 86 Derivation of ISAKMP Short-Term Keys 86 IKE Authentication Alternatives 88 IKE Deployment Issues 90
4.4 Transport Layer Security 91
4.4.1 TLS Handshake for Key Exchange 93
4.4.2 TLS Record Protocol 95 TLS Alert Protocol 95
4.4.3 Issues with TLS 96
4.4.4 Wireless Transport Layer Security 96
4.5 Further Resources 96
4.6 References 97
Chapter 5 Introduction on Internet Mobility Protocols 99
5.1 Mobile IP 99
5.1.1 Mobile IP Functional Overview 102 Mobile IP Registration 103 Mobile IP Reverse Tunneling 106
5.1.2 Mobile IP Messaging Security 107 Caveat: Key Establishment 109
5.2 Shortcomings of Mobile IP Base Specification 109
5.2.1 Mobile IP Bootstrapping Issues 110 Dynamic Home Address Assignment 111 Dynamic Home Agent Assignment 111 Dynamic Key Establishment 113
5.2.2 Mobile IP Handovers and Their Shortcomings 113 Layer-2 Triggers and Fast Handovers 114 Candidate Router Discovery Issues 115 Delay and Disruption Tolerance by Applications 116 Establishment of Network Services 116
5.3 Seamless Mobility Procedures 117
5.3.1 Candidate Access Router Discovery 118
5.3.2 Context Transfer 120 Design Considerations 122 Messaging Overview 124
5.4 Further Resources 125
5.5 References 126
Chapter 6 Remote Access Dial-In User Service (RADIUS) 127
6.1 RADIUS Basics 127
6.2 RADIUS Messaging 128
6.2.1 Message Format 129
6.2.2 RADIUS Extensibility 130
6.2.3 Transport Reliability for RADIUS 130
6.2.4 RADIUS and Security 131 RADIUS Message Integrity Protection 131 Attribute Hiding 132 Security Vulnerabilities of RADIUS 134 RADIUS over IPsec 135
6.3 RADIUS Operation Examples 135
6.3.1 RADIUS Support for PAP 135
6.3.2 RADIUS Support for CHAP 136
6.3.3 RADIUS Interaction with EAP 138
6.3.4 RADIUS Accounting 139 Basic Operation 139 Security and Reliability of RADIUS Accounting 140
6.4 RADIUS Support for Roaming and Mobility 141
6.4.1 RADIUS Support for Proxy Chaining 142 Roaming Concepts 142 Proxy Chaining Operation 143 Issues with Proxy Chaining 143
6.5 RADIUS Issues 143
6.6 Further Resources 144
6.6.1 Commercial RADIUS Resources 144
6.6.2 Free Open Source Material 145
6.7 References 145
Chapter 7 Diameter: Twice the RADIUS? 147
7.1 Election for the Next AAA Protocol 147
7.1.1 The Web of Diameter Specifications 148 Diameter Base Specification 148 Security Specifications 149 Diameter Transport Profile 150 Diameter NAS Application 150
7.1.2 Diameter Applications 151
7.1.3 Diameter Node Types and their Roles 152
7.2 Diameter Protocol 153
7.2.1 Diameter Messages 153 Diameter Message Format 154 Diameter Command Code (Message Types) 154 Attribute-Value Pair (AVP) Format 155 Examples of Diameter Base Specification AVPs 156
7.2.2 Diameter Transport and Routing Concepts 157 Diameter Transport Concepts 157 Diameter Routing Concepts 158 Diameter Message Routing and Forwarding 159
7.2.3 Capability Negotiations 159
7.2.4 Diameter Security Requirements 160 Use of IPsec or TLS for Diameter 161 Path Authorization: Impact of Security on Authorization and Accounting 161
7.3 Details of Diameter Applications 162
7.3.1 Accounting Message Exchange Example 162
7.3.2 Diameter-Based Authentication, NASREQ 163 Commands Introduced by NASREQ 164 NASREQ AVPs 164 Diameter NAS Messaging 165
7.3.3 Diameter Mobile IP Application 167
7.3.4 Diameter EAP Support 167
7.4 Diameter Versus RADIUS: A Factor 2? 168
7.4.1 Advantages of Diameter over RADIUS 168 Fail-Over 168 Server-initiated Messages 169 Reliable Transport 169 Capability Negotiation 169 Security and Audibility Issues 169 Diameter Support for Agents and Inter-Domain Roaming 170 Peer Discovery and Configuration 170 Backward Compatibility with RADIUS 170
7.4.2 Issues with Use of Diameter 170
7.4.3 Diameter-RADIUS Interactions (Translation Agents) 171
7.5 Further Resources 172
7.6 References 172
Chapter 8 AAA and Security for Mobile IP 175
8.1 Architecture and Trust Model 177
8.1.1 Timing Characteristics of Security Associations 178 Pre-established SAs (PSA) 178 Mobility Security Associations (MSA) 179 AAASA 179 Lifetimes 180 Security Parameter Index (SPI) 180
8.1.2 Key Delivery Mechanisms 181
8.1.3 Overview of Use of Mobile IP-AAA in Key Generation 182
8.2 Mobile IPv4 Extensions for Interaction with AAA 184
8.2.1 MN-AAA Authentication Extension 184
8.2.2 Key Generation Extensions (IETF work in progress) 186
8.2.3 Keys to Mobile IP Agents? 187
8.3 AAA Extensions for Interaction with Mobile IP 187
8.3.1 Diameter Mobile IPv4 Application 188 Diameter Model for Mobile IP Support 188 New Diameter AVPs for Mobile IP Support 190 Diameter Mobile IP Messaging Overview 193
8.3.2 Radius and Mobile IP Interaction: A CDMA2000 Example 196 Mobile IP Support Within CDMA2000 196 RADIUS Support, or Not! 197 CDMA2000 Messaging Procedure 199
8.4 Conclusion and Further Resources 200
8.5 References 201
Chapter 9 PKI: Public Key Infrastructure: 
Fundamentals and Support for IPsec and Mobility 203
9.1 Public Key Infrastructures: Concepts and Elements 204
9.1.1 Certificates 204
9.1.2 Certificate Management Concepts 205
9.1.3 PKI Elements 209
9.1.4 PKI Management Basic Functions 210 Basic PKI Transactions 211 Enrollment and Authentication 211
9.1.5 Comparison of Existing PKI Management Protocols 212 PKCS #10 213 SSL Protection for PKCS #10 214 PKCS #7 Protection for PKCS #10 215 IETF Certificate Management Protocol (CMP) 219 Certificate Management Using CMS (CMC) 221 Simple Certificate Enrollment Protocol (SCEP) 221
9.1.6 PKI Operation Protocols 221 PKI Certificate Discovery and Validation Protocols 222
9.2 PKI for Mobility Support 222
9.2.1 Identity Management for Mobile Clients: No IP Addresses! 222 Certificate Subjects for Mobile Devices 223 Certificate Subjects for Human Users 224
9.2.2 Certification and Distribution Issues 225 Validity Checking and CRL Distribution 225 Roaming and Certification 226 Device Certificates 226 User Certificates 226
9.3 Using Certificates in IKE 227
9.3.1 Exchange of Certificates within IKE 229 Certificate Data Type Profiling for ISAKMP 229 In-Band Versus Out-of-Band Exchanges 230 Certificate Authority and Certificate Chains 230
9.3.2 Identity Management for ISAKMP: No IP Address, Please! 231
9.4 Further Resources 232
9.5 References 232
9.6 Appendix A PKCS Documents 233
Chapter 10 Latest Authentication Mechanisms, EAP Flavors 235
10.1 Introduction 235
10.1.1 EAP Transport Mechanisms 237
10.1.2 EAP over LAN (EAPOL) 237
10.1.3 EAP over AAA Protocols 238
10.2 Protocol Overview 239
10.3 EAP-XXX 242
10.3.1 EAP-TLS (TLS over EAP) 244 EAP-TLS Architecture and Message Format 244 Protocol Overview 246 Drawbacks with EAP-TLS 248
10.3.2 EAP-TTLS 248 EAP-TTLS Functional Elements 250 Messaging Overview 252 Protocol Overview 253 Session Resumption: EAP-TTLS Support for Mobility 254 Example: CHAP Over EAP-TTLS 255
10.3.3 EAP-SIM 257
10.4 Use of EAP in 802 Networks 259
10.4.1 802.1X Port-Based Authentication 259 EAPOL in 802.1X and Interaction with RADIUS 260 Security Flaws of 802.1X, WPA/RSN and 802.1aa 260
10.4.2 Lightweight Extensible Authentication Protocol (LEAP) 260
10.4.3 PEAP 262
10.5 Further Resources 262
10.6 References 263
Chapter 11 AAA and Identity Management for Mobile Access: 
The World of Operator Co-Existence 265
11.1 Operator Co-existence and Agreements 265
11.1.1 Implications for the User 266
11.1.2 Implications for the Operators 267
11.1.3 Bilateral Billing and Trust Agreements and AAA Issues 269 Identity Management and Security Issues 271
11.1.4 Brokered Billing and Trust Agreements 272
11.1.5 Billing and Trust Management through an Alliance 274
11.2 A Practical Example: Liberty Alliance 275
11.2.1 Building the Trust Network: Identity Federation 276 Identity Services 276 Circle of Trust 278 Building the Circle of Trust 278
11.2.2 Support for Authentication/Sign On/Sign Off 279 Enabling Protocols 281
11.2.3 Advantages and Limitations of the Liberty Alliance 282
11.3 IETF Procedures 283
11.4 Further Resources 285
11.5 References 285
Index 287


e-books shop

Purchase Now !
Just with Paypal

Product details
 318 p
 File Size
 8,722 KB
 File Type
 PDF format
 2005 John Wiley & Sons Ltd 

═════ ═════

Loading... Protection Status